t cht lk
On an international level, the General
Data Protection Regulation (GDPR) comes
into force in the 28-member states of
the European Union in May 2018. GDPR
toughens rules around obtaining consent
to process data. It impacts all organisations
worldwide that do business with individuals
or companies in the EU, and therefore, treat
their personal data.
Many of the Middle Eastern organisations,
including ones in the UAE, are therefore
required to comply. This regulation forces
companies, whether based in the EU or
outside, to tell consumers whenever a serious
breach occurs. The new regulation sets much
“
DATA LOSS
CAN CAUSE
SIGNIFICANT
BRAND DAMAGE
AND CUSTOMER
ATTRITION
AS WELL.
Gordon Love, Vice
President – EMEA
Emerging Region,
Symantec
in a way that complies with national data
protection laws.
With the sheer volume of data and
the speed at which it moves around
organisations, these factors have made data
protection a critical issue for every business.
They need to get a better understanding of
the data they are dealing with, how much of
this data is particularly sensitive, where this
data is transferred, how they can protect it,
and how they can detect and respond to a
data loss incident if it actually takes place.
But without any visibility into data risks, this
can prove quite a challenge.
You need to follow your data,
everywhere it goes
The Symantec State of Privacy report in
2015 highlighted how consumers consider
privacy the most important criterion when
they go online to buy goods or when they
establish some sort of relationship with
organisations, private and public.
Technologies like Active Directory or LDAP
give organisations the ability to specify how
each user on the network may access, edit
and share any piece of data. That was fine
when data didn’t leave the network and was
only shared between authorised corporate
users but is insufficient today when data is
as mobile as the devices your employees
have in their pockets.
more stringent standards for data protection.
It means that companies can be forced to
stop collecting or processing data and even
face fines of up to €20 million or 4% of
global revenue, whichever is larger.
But for companies that suffer a significant
data breach, fines are just the start of their
problems. Data loss can cause significant
brand damage and customer attrition
as well. But what does a significant data
breach really mean for businesses in the
Middle East?
Businesses need to get serious
about protecting their data
A survey by Aruba Networks found that
employers in the Middle East were more
96
INTELLIGENTCIO
likely to say Yes to BYOD, as compared to
companies in other parts of the world. That
means a lot of companies do not have any
control on these devices. Once data is on
those devices, it can go anywhere and be
viewed by anyone outside of the company
who has access to those devices.
That’s not all. Employees – or even entire
departments – can sign up for cloud
applications that have not been approved by
IT and are operated without any IT oversight.
Once data has been uploaded to cloud
email, storage services or one of the many
popular online CRMs, the business has little
or no control over how it is shared, accessed
or modified. There is also no guarantee that
the cloud app itself stores and secures data
The answer is to secure documents using
technology that is applied at the data
level. When a document is uploaded to
Dropbox or Google Drive, the access and
editing permissions your IT department
specified for that document should follow
it into the cloud.
Even if a document is widely shared online
– and recent research shows that 20% of
documents are broadly shared – it will be
strongly encrypted and only authorised
personnel with the proper credentials should
be able to open and edit it.
Unauthorised users will be unable to make
any use of the data to cause harm to the
individuals or the company. Without this
level of control, you run the risk of personal
data falling into the wrong hands, company
documents and internal discussions
coming to light in a way that may hurt the
www.intelligentcio.com